Commit b61ba262 authored by Michael Niedermayer's avatar Michael Niedermayer

mpc8: check seektable size before attempting to use it.

Fixes null pointer dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent ff7e2342
...@@ -145,6 +145,10 @@ static void mpc8_parse_seektable(AVFormatContext *s, int64_t off) ...@@ -145,6 +145,10 @@ static void mpc8_parse_seektable(AVFormatContext *s, int64_t off)
av_log(s, AV_LOG_ERROR, "No seek table at given position\n"); av_log(s, AV_LOG_ERROR, "No seek table at given position\n");
return; return;
} }
if (size > INT_MAX/10 || size<=0) {
av_log(s, AV_LOG_ERROR, "Seek table size is invalid\n");
return;
}
if(!(buf = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE))) if(!(buf = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE)))
return; return;
avio_read(s->pb, buf, size); avio_read(s->pb, buf, size);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment